868 matches found
Caldera Cross-Site Scripting Vulnerability
Caldera is a suite of software from the French company Caldera that provides color management, imaging and processing solutions for printer devices. A cross-site scripting vulnerability exists in Caldera version 2.7.0. The vulnerability stems from a lack of proper validation of client-side data b...
GitLab Cross-Site Scripting Vulnerability (CNVD-2021-19405)
GitLab is a self-hosted Git repository management application, developed in Ruby on Rails by the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A cross-site scripting vulnerability exists in GitLab...
Mattermost Server Cross-Site Scripting Vulnerability (CNVD-2020-48232)
Mattermost Server is an open source messaging platform from the US company Mattermost. A security vulnerability exists in Mattermost Server versions prior to 4.3.0, 4.2.1 and 4.1.2. The vulnerability stems from the web application's lack of proper validation of client data. An attacke...
Mattermost Server Cross-Site Scripting Vulnerability (CNVD-2020-35334)
Mattermost Server is an open source messaging platform from the US company Mattermost. A cross-site scripting vulnerability exists in Mattermost Server versions prior to 2.2.0. The vulnerability stems from a lack of proper validation of client-side data by the web application. An...
CVE-2020-13262
Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 and later through 13.0.1 allows a specially crafted Mermaid payload to PUT requests on behalf of other users via clicking on a link...
WSO2 Identity Server and IS as Key Manager Cross-Site Scripting Vulnerabilities
WSO2 Identity Server (IS) and WSO2 IS as Key Manager are both products of WSO2 Corporation, USA. WSO2 Identity Server is an identity server. WSO2 IS as Key Manager is a key manager. A cross-site scripting vulnerability exists in the Management Console Policy Administration user interface in WSO2...
MONITORAPP AIWAF-VE and AIWAF-4000 Cross-Site Scripting Vulnerabilities
MONITORAPP AIWAF-4000 is an application firewall from MONITORAPP, USA. A cross-site scripting vulnerability exists in MONITORAPP AIWAF-VE and AIWAF-4000 2020-06-16 and earlier versions. The vulnerability stems from a lack of proper validation of client data by the web application. An...
Wiki.js Cross-Site Scripting Vulnerability
Wiki.js is open source wiki software from the Requarks.io team, based on Node.js and written in JavaScript. A cross-site scripting vulnerability exists in Wiki.js versions prior to 2.4.107. The vulnerability stems from the web application's lack of proper validation of client-side data. ...
WordPress wpForo Forum plugin cross-site scripting vulnerability (CNVD-2021-24376)
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. The wpForo Forum plugin is a forum plugin used in it. A cross-site scripting vulnerability exists in WordPress wpForo Forum...
WordPress Cross-Site Scripting Vulnerability (CNVD-2021-24378)
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress, which stems from the lack of proper validation of...
WordPress Cross-Site Scripting Vulnerability (CNVD-2021-29465)
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. Laborator Xenon theme is a website theme plugin that uses one of the... A cross-site scripting vulnerability exists in...
Naviwebs Navigate CMS Cross-Site Scripting Vulnerability (CNVD-2020-35984)
Navigate CMS is an open source content management system (CMS). A cross-site scripting vulnerability exists in the lib/packages/websites/website.class.php file in Navigate CMS 2.8.7 and earlier versions. The vulnerability stems from a lack of proper validation of client-side data by the web...
CloudBees Jenkins ECharts API Plugin Cross-Site Scripting Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from the US company CloudBees. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks. ECharts API Plugin is used in one of the chart...
Grafana Cross-Site Scripting Vulnerability (CNVD-2020-36524)
Grafana is a set of open source monitoring tools from Grafana Labs that provide a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, and Prometheus, among others. A cross-site scripting vulnerability exists in Grafana version 5.3.1. The vulnerabilit...
Red Hat Resteasy Cross-Site Scripting Vulnerability (CNVD-2020-41082)
Red Hat Resteasy is an implementation of JAX-RS, a Java programming language API specification, from the US company Red Hat. A cross-site scripting vulnerability exists in Red Hat Resteasy. The vulnerability stems from a lack of proper validation of client-side data by the web application. An...
Cross-site scripting vulnerability in WebKit component of multiple Apple products (CNVD-2020-43686)
Apple iOS is an operating system developed for mobile devices. Apple tvOS is an operating system for smart TVs. Apple iPadOS is an operating system for iPad tablets. WebKit is one of the web browser engine components. A cross-site scripting vulnerability exists in the WebKit component of several App...
Cross-site scripting vulnerability in WebKit component of multiple Apple products (CNVD-2020-43687)
Apple iOS is an operating system developed for mobile devices. Apple tvOS is an operating system for smart TVs. Apple iPadOS is an operating system for iPad tablets. WebKit is one of the web browser engine components. A cross-site scripting vulnerability exists in the WebKit component of several App...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: User Email Verification Bypass; OAuth Flow Missing Email Verification Checks; Notification Email Verification Bypass; Undisclosed Vulnerability on a Third-Party Rendering Engine; Group Sign-Up Restriction Bypass; Mirror Project Owner Impersonation; Missing Permission Check on Fork...
MISP Cross-Site Scripting Vulnerability (CNVD-2021-08165)
MISP is an open source software solution. The product is used to collect, store, distribute and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A cross-site scripting vulnerability exists in the app/View/Events/resolvedattributes.ctp...
Nextcloud Server Cross-Site Scripting Vulnerability (CNVD-2021-28008)
Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform from Nextcloud, Germany. A cross-site scripting vulnerability exists in the Files PDF viewer in Nextcloud Server versions prior to 18.0.3. The vulnerability stems from a lack of prope...